52 essential U.S. services were attacked by a single ransomware group

Between April 2020 and January 2022, 52 companies in essential U.S. departments, including government weapons, were attacked by ransomware at the hands of the same group. These posts are part of a report released on Monday (07). The FBI and Detail are attacking 10 infrastructure sectors, including energy, industry, technology and financial services companies.

The malware in question is RagnarLocker, which has been operating against companies around the world since at least December 2019. Key attack vector remote access and management systems, mainly Connectgaum and Kaseya, It was a blow to the supply chain that registered in July last year Gang criminals act as the main gateway to access the internal systems of companies.

Experts talk about plague with various variations and extensive ambiguous capabilities, always trying to avoid security and surveillance systems. On the other hand, the FBI cites efforts to combat the infrastructure used by Rockner Locker to carry out its scams and direct actions to invade attackers’ personal information and cryptocurrency wallets.

In the release of the report, the FBI also released new indicators of compromise, which could be used by network administrators to identify and prevent gang activity on their computers. In addition, the survey comes with a public request to companies that detect RagnarLocker activity to contact and share recovery notes, attack timelines, insect models used and other information that may be important in monitoring the group’s activities.

In addition, the US government has strengthened its recommendation that companies should not negotiate or pay fraudsters because such approaches could lead to new attacks and make cybercrime profitable. Officials said they understood the pressure, especially in the case of internal data leakage and restarting systems that had been blocked by the attack, but pointed out that the use of recovery and regression systems was a priority.

The FBI report does not specify a degree, but the numbers make RagnarLocker one of the largest ransomware gangs operating against U.S. companies. Other key names are ransomware and BlackByte, which are said to have attacked at least 49 essential service providers in Cuba, and three attacks have been recorded in the past few months.

Source: FBI